Hacker accessed 2007 backup of Reddit in June 2018 breach

Popular content aggregation platform Reddit was the subject of a database breach back in June 2018. According to an August 1st, 2018 announcement made by Reddit CTO and founding engineer Christopher Slowe, under his KesyerSosa username, a hacker managed to breach Reddit’s systems and access current email addresses as well as a 2007 database backup filled with old, encrypted passwords. The backup reportedly contained early user data, including information from Reddit’s launch in 2005 until May 2007. “In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then,” wrote Slowe, in his August 1st post. The hacker was able to access Reddit’s internal system between June 14th and June 18th, 2018, by accessing the accounts of some Reddit employees. According to Slowe, the main attack was conducted by intercepting a two-factor authentication code sent through SMS. Slowe added that Reddit was made aware of the breach on June 19th, 2018, and has since been working alongside cloud and source code hosting providers to learn more about the attack. Reddit is also in contact with U.S. law enforcement entities and is cooperating with an investigation. “Although this was a serious attack, the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs,” said Slowe. “They were… [Read full story]